Understanding the Difference Between Phishing and Pharming

Wednesday, December 2, 2015

In the broad category of cyber attacks, the terms ‘phishing’ and ‘pharming’ both describe the theft of personal information through fraudulent websites. The underlying objective is the same for both, but the methods behind them are completely different.

While some use these terms interchangeably or alongside each other, they are two separate concepts and tactics used by attackers. By learning the differences, you will be better informed about what the terms mean, how the attacks work and what you can do as a website owner to minimise the risk.

The Word: ‘Phishing’

Phishing is a homophone of ‘fishing’, and the idea is the same: bait is used to lure unsuspecting targets into divulging their confidential information. One common tactic combines a spoofed email as the bait with a forged copy of a site the recipient already knows and trusts, on which the victim then enters personal data.

Sample of a Paypal Phishing Site (Image Source: NZ Health Tec)

You may have received emails asking you to change your password for social network accounts such as Twitter and Facebook, or emails from ‘banks’ asking you to log in to their system to update your personal information. These are frequently encountered examples of phishing, and each involves surrendering sensitive data about yourself. Once that happens, your data is in the hands of a fraudulent third party indefinitely, and the same applies to your visitors if your site becomes the next phishing target.

PayPal, Apple and Taobao are favourites amongst attackers because accounts with them hold a user’s financial details. According to the APWG Global Phishing Survey released on 27 May 2015, each of these three e-commerce brands suffered over 20,000 phishing attacks in the second half of 2014, and together these top three names accounted for up to 54 percent of global phishing attacks. While phishing may fall upon the bigger names, small and medium enterprises (SMEs) are likely to be affected as well, because weaker security measures around their data make phishing an easier task for attackers, so beware!

The Word: ‘Pharming’

Pharming Illustration (Image Source: BustaThief.com)

Pharming, on the other hand, is a homophone of ‘farming’, and is a form of cyber attack that redirects a website’s traffic to a bogus site. Pharming is more involved than phishing because it requires tampering with the victim’s computer (for example its hosts file) or exploiting Domain Name System (DNS) server software to change the answer DNS gives, i.e. DNS cache poisoning. Normally, when a domain name such as ‘www.nicebank.com’ is typed into the address bar, DNS translates it into an IP address such as ‘192.168.1.1’ and the browser connects there. If that mapping is changed, the genuine name resolves to the attacker’s address and traffic lands on a malicious copy of the site, with ‘www.nicebank.com’ still showing in the address bar. This is what sets pharming apart from a phishing lookalike domain such as ‘www.n1cebank.com’, where the name itself is different and an attentive visitor can, in principle, spot the substitution.

Compared with phishing, this tactic is carried out far less often, because the attacker first has to compromise a DNS server or infect the victim’s computer with malicious code. Still, it is always good to know what this attack is, just as it is good to know how the term is pronounced.
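The contrast described above, as an added example that is not part of the original article: a toy caching resolver in which phishing leaves DNS alone and lures the victim to a lookalike name, while pharming leaves the name alone and corrupts the answer. Hostnames, addresses and the small confusable-character table are constructed for illustration (203.0.113.0/24 and 198.51.100.0/24 are reserved documentation ranges), and the known-good address list used by the pharming check is assumed to come from a source the attacker cannot poison.

```python
"""Added example (not from the original article): a toy caching resolver that
contrasts the two attacks. Phishing leaves DNS alone and lures the victim to a
lookalike name; pharming leaves the name alone and corrupts the answer.

Hostnames and addresses are constructed (203.0.113.0/24 and 198.51.100.0/24 are
reserved documentation ranges).
"""
import time
from dataclasses import dataclass, field

# What the real authoritative servers would answer (constructed).
AUTHORITATIVE = {
    "www.nicebank.com": "203.0.113.10",   # the genuine bank
    "www.n1cebank.com": "198.51.100.7",   # attacker-registered lookalike
}


@dataclass
class CacheEntry:
    address: str
    expires_at: float


@dataclass
class StubResolver:
    """Simplified caching resolver, like the one on a victim's PC or at an ISP."""
    cache: dict = field(default_factory=dict)

    def resolve(self, name, now=None):
        now = time.time() if now is None else now
        entry = self.cache.get(name)
        if entry and entry.expires_at > now:
            return entry.address              # served from cache, never re-checked
        address = AUTHORITATIVE[name]         # simulated recursive lookup
        self.cache[name] = CacheEntry(address, now + 300)
        return address


def poison_cache(resolver, name, attacker_ip, ttl=86400, now=None):
    """Pharming: plant a forged record so the *genuine* name resolves to the attacker.

    A real attack gets here by winning a forged-response race against the
    legitimate answer, or by malware editing the hosts file; this helper only
    writes the outcome of a successful attack into the cache, with a long TTL
    so it outlives the genuine record.
    """
    now = time.time() if now is None else now
    resolver.cache[name] = CacheEntry(attacker_ip, now + ttl)


# Characters commonly swapped for look-alikes in phishing domains (assumption:
# a small illustrative table, not a complete confusables list).
CONFUSABLES = str.maketrans({"1": "i", "l": "i", "0": "o", "3": "e", "5": "s"})


def is_lookalike(typed, legitimate):
    """Phishing check: a *different* name that renders like the real one."""
    if typed == legitimate:
        return False
    return typed.translate(CONFUSABLES) == legitimate.translate(CONFUSABLES)


def check_resolution(resolver, name, expected_ips, now=None):
    """Pharming check: compare the resolver's answer with an out-of-band
    known-good set (assumption: a pinned list or DNSSEC-validated lookup that
    the attacker cannot poison)."""
    answer = resolver.resolve(name, now)
    return {"name": name, "answer": answer, "trusted": answer in expected_ips}


def demo():
    r = StubResolver()
    known_good = {"203.0.113.10"}
    # Phishing: DNS answers honestly; the deception is in the name itself,
    # so a resolution check alone does not catch it.
    phishing = {
        "lookalike": is_lookalike("www.n1cebank.com", "www.nicebank.com"),
        "resolution": check_resolution(r, "www.n1cebank.com", {"198.51.100.7"}),
    }
    # Pharming: the victim types the correct name; only the answer changes.
    before = check_resolution(r, "www.nicebank.com", known_good)
    poison_cache(r, "www.nicebank.com", "198.51.100.7")
    after = check_resolution(r, "www.nicebank.com", known_good)
    return phishing, before, after


if __name__ == "__main__":
    phishing, before, after = demo()
    print("phishing:", phishing)
    print("pharming before:", before)
    print("pharming after: ", after)
```

The two checks are deliberately different: a lookalike test on the name catches phishing but is blind to pharming, and an answer comparison catches pharming but is blind to phishing, which is why the article treats them as separate threats.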

Known Remediation to Minimize Risk – EV Certificate

To stop visitors falling into phishing and pharming traps, Extended Validation (EV) SSL certificates are frequently used to prove a website’s legitimacy by displaying the company’s identity from the moment a visitor enters the site, or specifically on the pages where sensitive information is collected.

A screenshot of Extended Validation (EV) Certificate

The (1) green bar of assurance, (2) secure padlock, (3) https display and (4) full company name inform and reassure visitors about the site they are visiting, making it easier to distinguish a real site from a malicious one.

EV certificates have been successful in instilling trust in visitors. According to a survey by Tech-Ed, 59% would stop doing business with a site if they noticed it had lost the green bar, even temporarily. This shows how an EV certificate can protect your business from a phishing or pharming attack: visitors come to expect the green bar and notice when it is missing.

In addition, an attacker cannot simply obtain an EV certificate in your company’s name, because the certificate requester must undergo a rigorous validation process in which the Certificate Authority (CA) confirms the company legally exists, including calling the company, before the certificate is issued. So even if traffic is diverted by phishing or pharming, the fraudulent site cannot show your company’s name in the green bar, and an EV certificate can at least save your business from a downfall, with vigilant visitors staying away from these ploys. The caveat is that the protection depends on the visitor noticing the missing green bar: a padlock alone is not proof of identity, since an attacker can obtain an ordinary domain-validated certificate for a lookalike domain.
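The checks behind the padlock and the company-name display, as an added example that is not code from the original article or from any browser: the certificates are plain dicts in the shape that Python’s `ssl.SSLSocket.getpeercert()` returns (assumption: attribute names appear in long form such as `organizationName`, and the dict has already passed chain validation, since it carries no signature to verify). All names, addresses and dates are constructed, and the EV policy OID that a real browser also checks is not modelled because `getpeercert()` does not expose it.

```python
"""Added example (not from the original article): the checks behind the padlock
and the EV company-name display, run against constructed certificates.

Certificates are plain dicts in the shape ssl.SSLSocket.getpeercert() returns
(assumption: attribute names in long form, e.g. 'organizationName').
All names, addresses and dates are constructed.
"""
import ssl

# EV guidelines require these subject attributes alongside organizationName.
# (The EV policy OID itself is not exposed by getpeercert(), so a real browser
# additionally checks the certificatePolicies extension; not modelled here.)
EV_SUBJECT_FIELDS = {"businessCategory", "serialNumber", "jurisdictionCountryName"}


def subject_attrs(cert):
    """Flatten the nested RDN tuples of getpeercert() into a dict."""
    return {name: value for rdn in cert.get("subject", ()) for name, value in rdn}


def hostname_matches(cert, hostname):
    """Match hostname against subjectAltName DNS entries (RFC 6125 style):
    exact match, or a wildcard in the leftmost label only."""
    hostname = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower()
        if pattern.startswith("*."):
            first, _, rest = hostname.partition(".")
            if first and rest == pattern[2:]:
                return True
        elif pattern == hostname:
            return True
    return False


def assess(cert, hostname, now):
    """What the browser UI would show for this connection.

    `now` is seconds since the epoch; `cert` is assumed to have already
    passed chain validation (the dict carries no signature to verify).
    """
    attrs = subject_attrs(cert)
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    valid = hostname_matches(cert, hostname) and now < not_after
    ev = valid and "organizationName" in attrs and EV_SUBJECT_FIELDS <= attrs.keys()
    return {"padlock": valid, "company": attrs.get("organizationName") if ev else None}


# Constructed certificates ----------------------------------------------------
REAL_EV_CERT = {
    "subject": ((("countryName", "SG"),),
                (("businessCategory", "Private Organization"),),
                (("jurisdictionCountryName", "SG"),),
                (("serialNumber", "201500001A"),),
                (("organizationName", "Nice Bank Ltd"),),
                (("commonName", "www.nicebank.com"),)),
    "subjectAltName": (("DNS", "www.nicebank.com"), ("DNS", "nicebank.com")),
    "notAfter": "Dec  2 23:59:59 2016 GMT",
}
# Domain-validated certificate an attacker can obtain for a lookalike name.
LOOKALIKE_DV_CERT = {
    "subject": ((("commonName", "www.n1cebank.com"),),),
    "subjectAltName": (("DNS", "www.n1cebank.com"),),
    "notAfter": "Dec  2 23:59:59 2016 GMT",
}


def demo(now=None):
    now = ssl.cert_time_to_seconds("Dec  2 00:00:00 2015 GMT") if now is None else now
    return {
        # Genuine site: padlock and company name.
        "genuine": assess(REAL_EV_CERT, "www.nicebank.com", now),
        # Phishing: the lookalike has a valid DV certificate, so the padlock
        # appears, but no company name does.
        "phishing": assess(LOOKALIKE_DV_CERT, "www.n1cebank.com", now),
        # Pharming: the address bar still says www.nicebank.com, but the
        # attacker's server can only present its own certificate, so the
        # hostname check fails and the browser warns instead of showing a padlock.
        "pharming": assess(LOOKALIKE_DV_CERT, "www.nicebank.com", now),
        # Expired genuine certificate: no padlock even though the name matches.
        "expired": assess(REAL_EV_CERT, "www.nicebank.com",
                          ssl.cert_time_to_seconds("Jan  1 00:00:00 2017 GMT")),
    }


if __name__ == "__main__":
    for case, shown in demo().items():
        print(f"{case:9s} -> {shown}")
```

The phishing and pharming rows are the point: the lookalike site gets a padlock but never the company name, and the pharmed connection to the genuine hostname gets neither, which is exactly why the article tells visitors to look for the green bar and company name rather than the padlock alone.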

About Ashlee Ang

Ashlee is a content writer at Cyber Secure Asia where she writes about introductory topics on cyber security and cyber-related happenings in Singapore & South East Asia.